Within a FraxswapRoute, a caller can pass in an array of FraxswapStepData, each of which gives a specific execution path. If FraxswapStepData.swapType < 2, there are several unverified external calls on FraxswapStepData.pool. A caller can pass in their own contract as a pool and exit the intended logic gates.
Impact
Low - the worst-case scenario (that I can think of) is that an attacker can drain the Multihop of any residual tokens (which there shouldn't be).
Recommendation
Add a PairFactory call to ensure that the pool was created from the PairFactory.
This is the intended setup. There can be arbitrary calls to arbitrary contracts during a swap to be super flexible.
To be safe, the router must have the following security properties:
Approved tokens are only withdrawn when calling the contract directly, based on the amounts specified in that call.
The swap fails or the user gets at least the number of tokens specified in amountOutMinimum.
When these two properties hold, the user can even get the route from an untrusted source, as long as the other parameters in FraxswapParams are set correctly.
@denett
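As an added illustration, not Fraxswap's code and not part of this thread, the following minimal router shows what the two properties in the reply above look like when written down: the only transferFrom debits msg.sender for the amount given in that call, every pool call is a fixed-ABI call to an untrusted address, step outputs are measured as balance deltas rather than taken from the pool's return value, and the call reverts unless the recipient receives at least amountOutMinimum of the expected final token. The contract name, the Step/Params layout and the IPool.swap(tokenIn, amountIn, to) shape are assumptions made for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal ERC-20 surface; only what the example needs.
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Hypothetical pool ABI (assumption): the router sends tokenIn to the pool first,
// then asks it to swap. Any contract may implement this, including an attacker's.
interface IPool {
    function swap(address tokenIn, uint256 amountIn, address to) external returns (uint256);
}

contract ExampleRouter {
    struct Step {
        address pool;     // caller-chosen and untrusted; may be any contract
        address tokenOut; // token this step is expected to hand back to the router
    }

    struct Params {
        address tokenIn;
        address tokenOut;         // must be set correctly by the user even if the route is not
        uint256 amountIn;
        uint256 amountOutMinimum;
        address recipient;
        Step[] route;             // may come from an untrusted source
    }

    uint256 private _locked = 1;

    // A malicious pool could re-enter swap() mid-route; the balance-delta accounting
    // below assumes one route executes at a time.
    modifier nonReentrant() {
        require(_locked == 1, "reentrant");
        _locked = 2;
        _;
        _locked = 1;
    }

    function swap(Params calldata p) external nonReentrant returns (uint256 amountOut) {
        require(p.route.length > 0, "empty route");

        // Property 1: the only transferFrom in the contract. It debits msg.sender
        // (never a stored or caller-supplied address) for exactly p.amountIn.
        require(IERC20(p.tokenIn).transferFrom(msg.sender, address(this), p.amountIn), "pull failed");

        address token = p.tokenIn;
        uint256 amount = p.amountIn;

        for (uint256 i = 0; i < p.route.length; i++) {
            Step calldata s = p.route[i];

            // Hand the pool only what this call has accounted for so far, never the
            // router's whole balance, so residual tokens sitting in the router are not
            // reachable by a pool that simply keeps whatever it is sent.
            require(IERC20(token).transfer(s.pool, amount), "send failed");

            // Fixed-ABI call to an untrusted address. Its return value is ignored:
            // output is measured as a balance delta, so a pool that lies about its
            // output cannot make the next step forward more than was actually received.
            uint256 before = IERC20(s.tokenOut).balanceOf(address(this));
            IPool(s.pool).swap(token, amount, address(this));
            amount = IERC20(s.tokenOut).balanceOf(address(this)) - before;

            token = s.tokenOut;
        }

        // Property 2: either this reverts, or the recipient receives at least
        // amountOutMinimum of the token the user asked for, whatever the pools did.
        require(token == p.tokenOut, "route ends in wrong token");
        amountOut = amount;
        require(amountOut >= p.amountOutMinimum, "insufficient output");
        require(IERC20(token).transfer(p.recipient, amountOut), "payout failed");
    }
}
```

Two points follow from writing it this way. The pool interaction is a fixed-ABI call; if the router instead forwarded caller-supplied calldata with a low-level call, a caller could target tokenIn.transferFrom from the router's address and spend approvals other users have granted the router, which is exactly what property 1 forbids. And the final token check is what "the other parameters in FraxswapParams are set correctly" buys: an untrusted route can end in any token it likes, but the amountOutMinimum guarantee is only meaningful against the tokenOut the user specified themselves. The factory check suggested in the finding would be an additional restriction on step.pool; under the properties above it is not needed for safety, at the cost of accepting that a bad pool can only waste the caller's own gas and trigger a revert.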